We see lots of confusion out there surrounding what exactly constitutes PHI and electronic PHI (ePHI). Let’s take a look.
According to the Code of Federal Regulations 160.103:
Protected health information means individually identifiable health information
The truth is, there isn’t a short and sweet definition, especially when you consider the root of why many seek this definition — a goal of de-identification (45 CFR 164.514.b).
It’s nuanced. The inclusion of terms and phrases such as…
A person with appropriate knowledge… … determines that the risk is very small that the information could be used
other reasonably available
…all but guarantees that this will be largely left to interpretation and legal precedent. Discouraged yet?
Here’s some advice (friendly, not legal). Err on the side of caution. Treat all electronic patient data containing the following identifiers as ePHI:
Above all, the stakes are generally high when it comes to PHI / ePHI; consult legal counsel as appropriate.